http://beckelman.net/post/2010/04/01/Custom-ASPNET-MVC-Authorization-Attribute-For-Ajax-Requests.aspx
http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx
Tuning jQuery: http://www.artzstudio.com/2009/04/jquery-performance-rules/
Memory leak: http://stackoverflow.com/questions/1462649/jquery-memory-leak-with-dom-removal
Tuesday, November 29, 2011
Friday, November 18, 2011
Cryptography
Shared-key encryption
- c = Enc(key, msg) ----(c)---- msg = Dec(key, c)
Shared-key signature
- m,a = h(key, m) ----(m,a)---- m,a =? h(key, m)
Public-key encryption
- c = Enc(P-recv, m) ----(c)---- m = Dec(S-recv, c)
Public-key signature
- m,a = f(S-send, m) ----(m,a)---- m,a =? g(P-send,m)
A certificate is basically a message signed by a Certificate Authority (CA)
- m,a = f(S-CA, m) ----(m,a)---- m,a =? g(P-CA, m)
SSH: see a good summary at http://aperiodic.net/phil/ssh/
- Host sends its public key to the client for authentication
- Key authentication
  - Client generates a public-private key pair
  - The public key is sent to the Host
  - Client doesn't need a password anymore (it needs to input a passphrase to access the private key, though)
  - ssh-agent is used to remember the passphrase so that the client can log into the host without being asked anything
- Sequence for Key authentication
  - Client connects to Server
  - Server returns a 'challenge'
  - Client creates an 'authenticator' from the challenge and its private key, and sends it back to Server
  - Server checks the 'authenticator' using the Client's public key
- SSH-Transport layer uses a Key Exchange algorithm
  - One example is here: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
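The key-authentication sequence above (challenge, authenticator, check) as an added example that is not part of the original notes. It stands in for f/g with toy textbook RSA over fixed, publicly known Mersenne primes and no padding so that it runs on the standard library alone; `Server`, `login` and the key constants are hypothetical names, and here g takes the authenticator as a third argument.

```python
import hashlib
import secrets

E = 65537  # public exponent

def keygen(p, q):
    """Toy RSA key pair (P, S) from two primes; illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def f(secret, msg):
    """a = f(S-send, m): create the authenticator with the private key."""
    n, d = secret
    return pow(digest(msg, n), d, n)

def g(public, msg, a):
    """Check authenticator a against m using P-send."""
    n, e = public
    return pow(a, e, n) == digest(msg, n)

class Server:  # hypothetical server holding one authorized public key
    def __init__(self, authorized_key):
        self.authorized_key = authorized_key
        self.pending = None
    def challenge(self):
        self.pending = secrets.token_bytes(32)  # fresh random challenge
        return self.pending
    def check(self, authenticator):
        challenge, self.pending = self.pending, None  # each challenge is single-use
        return challenge is not None and g(self.authorized_key, challenge, authenticator)

def login(server, secret):
    """Client side: answer the server's challenge with the private key."""
    return server.check(f(secret, server.challenge()))

# Constructed keys from publicly known Mersenne primes: trivially breakable.
CLIENT_PUB, CLIENT_SEC = keygen(2**521 - 1, 2**607 - 1)
_, OTHER_SEC = keygen(2**521 - 1, 2**1279 - 1)

if __name__ == "__main__":
    server = Server(CLIENT_PUB)
    print("client with matching key:", login(server, CLIENT_SEC))
    print("client with another key: ", login(server, OTHER_SEC))
    old = f(CLIENT_SEC, server.challenge())
    server.challenge()  # server moves on to a new challenge
    print("replayed authenticator:  ", server.check(old))
```

The replay case shows why the server issues a fresh challenge per login: an authenticator captured from one exchange does not verify against the next challenge.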
Jargon of terms: http://identityaccessman.blogspot.com/